[Fedora-directory-users] TLS authentication
Pete Rowley
prowley at redhat.com
Tue Aug 8 20:31:36 UTC 2006
Adams Samuel D Contr AFRL/HEDR wrote:
>Anyway, should I worry about clients using the LDAP to authenticate
>without TLS?
>
That really depends on your deployment - how sensitive would you be to
someone having their credentials sniffed off the wire? How likely is it
that someone will attempt a non-encrypted bind? YMMV.
>Do I need to set my directory server such that users can
>only authenticate if they have TLS enabled?
>
>
By the time the bind code is evaluating whether a secure transport was
used the credentials have already passed over the wire. If you are
sensitive to this, then I would suggest you disable the non-secure port
by setting its port # to zero, then the only way to attempt a bind is
over the secure port using SSL.
--
Pete
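
The reply above notes that the credentials have already crossed the wire by the time the server can evaluate the transport. The following is an added example, not part of the original post: it decodes an LDAPv3 simple BindRequest as it would appear on a non-TLS connection. The DN, password and helper names are constructed for illustration.

```python
"""Audit helper: show what a clear-text LDAP simple bind exposes on the wire."""

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid in LDAP")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end

def encode_tlv(tag, value):
    """Short-form BER encoder, used only to build the constructed sample."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def parse_simple_bind(pdu):
    """Return (dn, password) if pdu is a simple BindRequest, else None."""
    try:
        tag, msg, _ = read_tlv(pdu, 0)     # LDAPMessage ::= SEQUENCE
        if tag != 0x30:
            return None
        _, _msgid, pos = read_tlv(msg, 0)  # messageID INTEGER
        tag, op, _ = read_tlv(msg, pos)    # protocolOp
        if tag != 0x60:                    # [APPLICATION 0] = BindRequest
            return None
        _, _version, pos = read_tlv(op, 0)
        _, name, pos = read_tlv(op, pos)   # bind DN, OCTET STRING
        tag, cred, _ = read_tlv(op, pos)   # authentication CHOICE
        if tag != 0x80:                    # [0] = simple; 0xA3 would be SASL
            return None
        return name.decode("utf-8"), cred.decode("utf-8")
    except (IndexError, ValueError):       # malformed, truncated or non-UTF-8
        return None

# Constructed sample: the bytes a client sends before the server can reject anything.
SAMPLE_DN = b"uid=jdoe,ou=People,dc=example,dc=com"
SAMPLE_PW = b"constructed-secret"
_bind = encode_tlv(0x60, encode_tlv(0x02, b"\x03") + encode_tlv(0x04, SAMPLE_DN)
                   + encode_tlv(0x80, SAMPLE_PW))
SAMPLE_PDU = encode_tlv(0x30, encode_tlv(0x02, b"\x01") + _bind)

if __name__ == "__main__":
    print(parse_simple_bind(SAMPLE_PDU))
```

The password is a plain OCTET STRING in the first request the client sends, so a server-side rule that rejects non-TLS binds acts only after these bytes have been transmitted.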